TrendResearch has detected an operation where attackers exploited a Cisco Simple Network Management Protocol (SNMP) vulnerability to install a rootkit on vulnerable network devices.
The SNMP exploit referenced in Cisco’s latest advisory is CVE-2025-20352, which affects both 32-bit and 64-bit switch builds and can result in remote code execution (RCE). The operation targeted victims running older Linux systems that do not have endpoint detection response solutions, where they deployed Linux rootkits to hide activity and evade blue-team investigation and detection. Trend Research investigation also found that attackers used spoofed IPs and Mac email addresses in their attacks.
Read more…
Source: Trend Micro
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- NSA, FBI, CISA, and Japanese Partners Release Advisory on PRC-Linked Cyber Actors
September 27, 2023
Today, the U.S. National Security Agency (NSA), Federal Bureau of Investigation (FBI), and Cybersecurity and Infrastructure Security Agency (CISA), along with the Japan National Police Agency (NPA) and the Japan National Center of Incident Readiness and Strategy for Cybersecurity (NISC) released joint Cybersecurity Advisory (CSA) People’s Republic of China-Linked Cyber Actors Hide in Router Firmware. The ...
- A Ransomware Group Is Claiming They’ve Breached Sony’s Systems And Stolen Data
September 27, 2023
Although the claims of a data breach are still unverified, Sony has publicly acknowledged the situation and issued a statement to IGN which simply reads, “We are currently investigating the situation, and we have no further comment at this time.” It looks like Sony may have been victim of a breach resulting in the collection of ...
- Analysis of Generative AI Trends and ChatGPT Usage
September 26, 2023
The release of ChatGPT underscores the potential of artificial intelligence to revolutionize the daily operations of organizations. This paradigm shift is compelling businesses to reevaluate their conventional approaches and embrace the transformative capabilities offered by AI. Among the noteworthy facets of AI’s evolution, Large Language Models (LLMs) have emerged as a dominant force, reshaping user interactions ...
- CISA Releases Six Industrial Control Systems Advisories
September 26, 2023
CISA released six Industrial Control Systems (ICS) advisories on September 26, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-269-01 Suprema BioStar 2 ICSA-23-269-02 Hitachi Energy Asset Suite 9 ICSA-23-269-03 Mitsubishi Electric FA Engineering Software Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related: CISA Adds Three Known Exploited Vulnerabilities to Catalog
- Dusting for fingerprints: ShadowSyndicate, a new RaaS player?
September 26, 2023
The Ransomware-as-a-Service (RaaS) market is a fast-moving one. Prominent RaaS or affiliate groups can form, wreak havoc, and disband all within a short period of time. In this blog, Group-IB researchers will detail what they believe to be a new RaaS group that appears to operate differently from the rest: Enter ShadowSyndicate. What is unusual about ...
- APT and financial attacks on industrial organizations in H1 2023
September 25, 2023
This summary provides an overview of reports of APT and financial attacks on industrial enterprises that were disclosed in H1 2023, as well as related activities of groups that have been observed attacking industrial organizations and critical infrastructure facilities. For each topic, Kaspersky researchers have sought to summarize the key facts, findings, and conclusions of the ...